Announcement Announcement Module
Collapse
No announcement yet.
secure init-method Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • secure init-method

    Hi
    I need to be sure that init-method can be executed during Spring startup ONLY. Can I do this somehow?

  • #2
    I think the easiest way of doing this would be by making ensuring the scope of the init-method was not viewable by any other java object.

    Comment


    • #3
      You mean Spring is able to call private init method?

      Comment


      • #4
        Depending on your Java Security Manager, yes Spring can call a private init method. For example the following would work so long as the Java Security Manager allowed it:

        Code:
        class MyClass {
          private void init() {
            ..
          }
        }
        
        <bean class="MyClass" init-method="init"/>
        However, even if the method is not private you can secure it by never referencing it (i.e. using an inner bean when declaring it). This may sound like a risk, but if a user got a hold of an instance of an Object that was not woven with the Security Aspect it would have the same problems. In fact, weaving proxy based aspects is essentially creating an inner bean of the unsecured class and wrapping it with the Security Aspect.

        Comment

        Working...
        X